VYPR

Turba Contact Manager

by Horde (software)

CVEs (2)

  • CVE-2008-6746Apr 23, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the contact display view in Turba Contact Manager H3 before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the contact name.

  • CVE-2008-0807Feb 19, 2008
    risk 0.00cvss epss 0.01

    lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote…